[Seattle-SAGE] hostname survey
lamont at scriptkiddie.org
Fri May 27 00:01:16 PDT 2005
kerberos canonicalization does roughly this, and should give a canonical
FQDN for the host:
if /bin/hostname does not return a FQDN and that matches the 127.0.0.1
line in /etc/hosts and gethostbyaddr on 127.0.0.1 hits that /etc/hosts
line the other way to give the short version, the above will give
host/<shortname>@REALM instead of host/<FQDN>@REALM. i haven't tested
this exact use case, but i believe that's how it'll work...
if i want to use kerberos, i don't believe i can use your method.
in fairness, the kerberos sources note that this is broken.
if you don't care about kerberos you may not care about that...
also, it's very nice if /bin/hostname produces a "globally unique id" which
you can use in host management tools. there might be better ways to
manage that, but this approach is simple and stupid and everyone in your
organization can understand it, so it scales fairly well. if you're the
only sysadmin at your site this isn't a big deal and there might be better
approaches, but if you've got 20+ system admins and a few dozen developers
who at any time might be writing systems code it leads to a simple and
On Thu, 26 May 2005, Brian Hatch wrote:
> Too many problems have been caused by having FQDNs locally that didn't
> match DNS, so you have different results than other machines when trying
> to find you. This is annoying.
so fix that. manage your DNS information better, don't screw up your
hostname to try to patch over bad DNS management.
thinking more about this issue, if you can't trust DNS for accurate
canonicalization, and /bin/hostname doesn't produce canonicalization then
you probably can't trust that any FQDN is canonical for your host. you
might have some kind of site-wide convention which canonicalizes hosts
which doesn't rely on DNS, but if you've got your shit together enough to
do that, you could have fixed DNS to begin with, so I don't see that
happening. the end result is that you're left with no canonicalization
and you probably wind up with systems databases (e.g. asset tracking
databases, etc) which have short hostnames in them, and I really, really
hate that. even if you make short hostnames unique site-wide (also a good
idea), i still hate it because you can't grab hostnames out of the
database and connect to the host without magic to find the FQDN. the
convention that /bin/hostname returns a canonical FQDN is so much
cleaner. then you just make sure that your databases (DNS, assets)
reflect existing state by either fixing the databases or fixing the local
you can always work around this to try to make your hostnames short, but i
don't see the point, and if you're capable of doing that level of work,
just fix DNS.
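The failure mode described at the top of the message (short hostname parked on the loopback line of /etc/hosts, so the reverse lookup hands Kerberos the short name) is easy to reproduce without a KDC. The script below is an added example, not code from the post or from the krb5 sources: it models the forward-then-reverse canonicalization that MIT krb5's krb5_sname_to_principal() performs, but resolves against a constructed /etc/hosts text instead of the real resolver so it runs offline. The hostnames, addresses and the realm EXAMPLE.COM are made-up assumptions; the live_principal() helper at the bottom is the only part that touches the real resolver and only runs when the file is executed directly.

```python
"""Model the Kerberos host-principal canonicalization discussed in the post.

krb5_sname_to_principal() (MIT krb5) takes the hostname, does a forward lookup
to get an address, then a reverse lookup of that address, and uses the name the
reverse lookup returns as the host component of host/<name>@REALM.  glibc's
reverse lookup against /etc/hosts returns the FIRST name on the matching line,
so whatever sits first on the 127.0.0.1 line becomes the principal.

Everything below is an added illustration with constructed data; the tables,
addresses and realm are assumptions, not taken from the original thread.
"""
import ipaddress
import socket

# Constructed /etc/hosts contents for the three cases the post worries about.
BROKEN_HOSTS = """\
# short hostname parked on the loopback line, FQDN only as a trailing alias
127.0.0.1   www1 localhost www1.example.com
"""

LOCALHOST_FIRST_HOSTS = """\
# same idea, but localhost listed first: reverse lookup yields 'localhost'
127.0.0.1   localhost www1
"""

FIXED_HOSTS = """\
# loopback left alone; the host's real address carries the FQDN first
127.0.0.1   localhost
10.0.0.5    www1.example.com www1
"""


def parse_hosts(text):
    """Parse /etc/hosts text into (addr -> [names]) and (name -> addr).

    Comments and blank lines are ignored.  For an address, the first name on
    the first line mentioning it is the canonical name (what gethostbyaddr()
    returns); for a name, the first address it appears with wins.
    """
    by_addr, by_name = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr = str(ipaddress.ip_address(fields[0]))  # rejects garbage addresses
        names = fields[1:]
        by_addr.setdefault(addr, []).extend(names)
        for name in names:
            by_name.setdefault(name.lower(), addr)
    return by_addr, by_name


def sname_to_principal(hosts_text, hostname, realm, service="host"):
    """Return service/<canonical-name>@REALM the way krb5 would derive it,
    resolving against the supplied /etc/hosts text instead of the resolver."""
    by_addr, by_name = parse_hosts(hosts_text)
    addr = by_name.get(hostname.lower())
    if addr is None:
        raise LookupError(f"no forward mapping for {hostname}")
    names = by_addr.get(addr)
    if not names:
        raise LookupError(f"no reverse mapping for {addr}")
    canonical = names[0]  # reverse lookup hands back the first name on the line
    return f"{service}/{canonical.lower()}@{realm}"


def live_principal(realm, service="host"):
    """Same derivation against the real resolver of the machine this runs on.
    Hits gethostbyname()/gethostbyaddr(); call it to check your own box."""
    short = socket.gethostname()
    addr = socket.gethostbyname(short)
    canonical = socket.gethostbyaddr(addr)[0]
    return f"{service}/{canonical.lower()}@{realm}"


if __name__ == "__main__":
    for label, table in (("broken", BROKEN_HOSTS),
                         ("localhost-first", LOCALHOST_FIRST_HOSTS),
                         ("fixed", FIXED_HOSTS)):
        print(f"{label:16} {sname_to_principal(table, 'www1', 'EXAMPLE.COM')}")
    try:
        print(f"{'this host':16} {live_principal('EXAMPLE.COM')}")
    except (socket.herror, socket.gaierror) as exc:
        print(f"{'this host':16} resolver error: {exc}")
```

The "broken" table yields host/www1@EXAMPLE.COM, the "localhost-first" variant yields host/localhost@EXAMPLE.COM, and only the "fixed" table (FQDN first on the host's real address, loopback untouched) yields host/www1.example.com@EXAMPLE.COM; running the file on a real machine prints what that host would present to the KDC.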